Caldera Security Advisory - Volution Manager: Directory Administrator password in cleartext
______________________________________________________________________________ 


                Caldera International, Inc. Security Advisory 


Subject: Volution Manager: Directory Administrator password in cleartext 
Advisory number: CSSA-2002-024.0 
Issue date: 2002 June 3 
Cross reference: 
______________________________________________________________________________ 



1. Problem Description 


        Volution Manager stores the Directory Administrator's 
        password unencrypted in the /etc/ldap/slapd.conf file. 


        This vulnerability will be corrected in the next release of 
        Volution Manager. 



2. Vulnerable Supported Versions 



        System Package 
        ---------------------------------------------------------------------- 
        Volution Manager 1.1 Standard 



3. Solution 


        Volution Manager stores the Directory Administrator's 
        password unencrypted in the /etc/ldap/slapd.conf file. 
        The password line looks similar to this: 


                rootpw <clear_text_password> 


        Caldera strongly recommends that you encrypt this password, 
        using the following steps: 


        As the root user, run slappasswd, entering your desired 
        password at the prompts (the example uses newpasswd as the new 
        password; the password will not be seen as you type it). 


        # slappasswd 
        New password: newpasswd 
        Re-enter new password: newpasswd 
        {SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz 
        # 


        The output is the new, encrypted password. In the file 
        /etc/ldap/slapd.conf, replace the previous rootpw line with a 
        line containing the new, encrypted password so that the line 
        looks similar to this: 


                rootpw {SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz 
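

        One way to check for the cleartext rootpw line and to apply the
        slappasswd output, as an added example that is not part of the
        Caldera advisory. The function names audit_rootpw and
        set_rootpw_hash are hypothetical, and the script assumes each
        rootpw directive sits on a single line.

```shell
#!/bin/sh
# Added example, not Caldera's code; function names are hypothetical.

# Print "LINE:cleartext" or "LINE:hashed:SCHEME" for each rootpw directive.
# Returns 1 if any rootpw value is stored in cleartext.
audit_rootpw() {
    awk '
        /^[ \t]*#/ { next }                     # skip comment lines
        tolower($1) == "rootpw" {
            val = $2
            gsub(/^"|"$/, "", val)              # drop optional quotes
            scheme = ""
            if (match(val, /^[{][A-Za-z0-9-]+[}]/))
                scheme = toupper(substr(val, 2, RLENGTH - 2))
            # No {SCHEME} prefix, or an explicit {CLEARTEXT}, is plaintext.
            if (scheme == "" || scheme == "CLEARTEXT") {
                printf "%d:cleartext\n", NR; bad = 1
            } else
                printf "%d:hashed:%s\n", NR, scheme
        }
        END { exit bad + 0 }
    ' "$1"
}

# Replace every rootpw value in file $1 with the slappasswd output in $2.
# No backup copy is kept, because it would retain the cleartext password.
set_rootpw_hash() {
    conf=$1
    case $2 in
        "{"*"}"?*) ;;                           # must look like {SCHEME}data
        *) echo "refusing: value has no {SCHEME} prefix" >&2; return 2 ;;
    esac
    tmp=$(mktemp "$conf.XXXXXX") || return 2    # created with mode 0600
    # The value travels through the environment so awk does not reinterpret it.
    NEWPW=$2 awk '
        !/^[ \t]*#/ && tolower($1) == "rootpw" {
            print "rootpw\t" ENVIRON["NEWPW"]; next
        }
        { print }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"  # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

        Run audit_rootpw /etc/ldap/slapd.conf before and after the change;
        the second argument to set_rootpw_hash is the line printed by
        slappasswd.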



4. References 


        Specific references for this advisory: 
                none 


        Caldera OpenLinux security resources: 
                http://www.caldera.com/support/security/index.html 


        Caldera UNIX security resources: 
                http://stage.caldera.com/support/security/ 


        This security advisory closes Caldera incidents sr864231, 
        erg501574. 




5. Disclaimer 


        Caldera International, Inc. is not responsible for the misuse 
        of any of the information we provide on this website and/or 
        through our security advisories. Our advisories are a service 
        to our customers intended to promote secure installation and 
        use of Caldera products. 


______________________________________________________________________________ 






